Password Cracking
We will show different tools we can use to crack hashes.
Tools
hashcat
ASREPRoast
hashcat -m 18200 hash.txt /usr/share/wordlist/rockyou.txt
Kerberoasting
hashcat -m 13100 hash.txt /usr/share/wordlist/rockyou.txt
Hashcat Rules
Below is a sample rules file I created during an engagement.
:
l
u
c
$1$2$3$!
$1$2$3$!
$1$2$3$?
$2$0$2$0
$2$0$2$1
$2$0$2$2
$2$0$2$3
$2$0$2$4
l$1$2$3$!
u$1$2$3$!
c$1$2$3$!
lc$1$2$3$!
We can add many other combinations, but the above should work for many machines.
john
john --wordlist=/usr/share/wordlist/rockyou.txt hash.txt
Generate Name Permutations
Imagine we have found the names of employees on the website of our target. We should generate a list with some common permutations for usernames.
We will use a tool called username-anarchy to generate our permutations.
username-anarchy -i user.txt | awk '{ if (length($0) > 7) print }'
However, I also developed my own little Python script to generate simple usernames.
#!/usr/bin/env python
# Script to extract data (in this case Names) from a big String Line
# Expects data.txt to hold one "First Last" name per line.
firstName = []
lastName = []

with open('data.txt') as f:
    for line in f:
        parts = line.split()
        # Skip blank lines and entries without both a first and a last name
        if len(parts) < 2:
            continue
        firstName.append(parts[0])
        lastName.append(parts[1])

# Every first name is paired with every last name, so the same
# value can be printed more than once.
for first in firstName:
    # john
    print(first)
    for last in lastName:
        # smith
        print(last)
        # john smith
        print(first+last)
        # smith john
        print(last+first)
        # john.smith
        print(first+"."+last)
        # smith.john
        print(last+"."+first)
        # jsmith
        print(first[0]+last)
        # sjohn
        print(last[0]+first)
        # j.smith
        print(first[0]+"."+last)
        # s.john
        print(last[0]+"."+first)
        # john.s
        print(first+"."+last[0])
        # smith.j
        print(last+"."+first[0])
However, my script produces duplicates, so we need to do a little bashfu.
python userGen.py | sort | uniq
Someday I should modify the script to request
Websites